New Malware Signature Every ½ Second – Is Your AV Keeping Up?

So far in 2013, AV-Test.org is recording about 5.5M new pieces of malware per month – or a little over two per second. It’s no wonder 47% of organizations are reporting malware as the primary driver for increasing IT operating expenses, and 58% of them are experiencing more than 25 malware incidents every month.

It’s time to put aside yesterday’s assumptions about malware, and prepare for modern antimalware combat.

In this presentation we’ll look at current malware warfare – and how you can implement defensive strategies to protect your organization. Along the way, we’ll look at some very recent survey results from more than 900 IT professionals – 91% of whom believe AV is ‘very’ or ‘extremely’ important to protecting their network, despite seeing malware incidents continue to rise.

Slide 1: The Real World of IT Security – Insight From a Survey of Business
Aaron C. Goldberg, July 2013

Slide 2: Interactivity Tips
1. Ask A Question
2. Download a PDF copy of today’s presentation
3. Social Networking Tools

Slide 3: Key Discussion Points
• The IT Security landscape
• Identifying the concerns
• The reliance on Anti-Virus
• The barriers to increased levels of IT security

Slide 4: About the Survey
• How many
• When
• How was it done

Slide 5: Today’s IT Security Landscape
• Biggest areas of IT security concern
• Threat impact
• Protection in use for endpoints
• Protection in use for servers

Slide 6: Key Concerns for IT Security
(Bar chart, 0–25% scale. Categories: Operating system layer attacks; Application layer attacks; USB device attacks; Unwanted application installation; Memory-based attacks; Phishing; Zero-day attacks; Advanced Persistent Threats (i.e. using…); Other; None of the above.)

Slide 7: Impact of Threats
(Bar chart: Malware Incidents Per Month, 0–70% scale. Buckets: 5-10; 10-20; 20-30; 30-40; 40+.)

Slide 8: Protection In Use At Endpoints
(Bar chart, 0–100% scale. Categories: Anti-virus (AV); Application control / whitelisting; Data encryption; Firewalls; USB device security; Patch management; Hard drive security; Web filtering; Data loss prevention; Other; None of the above.)

Slide 9: Protection Installed for Servers
(Bar chart, 0–100% scale. Categories: Anti-virus (AV); Application control / whitelisting; Data encryption; Firewalls; USB device security; Patch management; Hard drive (security); Web filtering; Access control technologies; Other; None of the above.)

Slide 10: Focusing on Anti-Virus
• Most common security tool
• Viruses seem to be the single most prominent threat mentioned in the general press
• Developed when viruses were the vast majority of threats, but that’s no longer true
• Yet reliance is still there

Slide 11: How Important Do You Believe Anti-Virus is to Protect Your Network
(Bar chart, 0–70% scale. Responses: Extremely important; Very important; Somewhat important; Not very important; Not important at all.)

Slide 12: The Barriers to Increased IT Security
• This is one aspect of IT where the trade-off of dollars vs. risk is most apparent
• The lack of a “finish line” makes it hard to know what investment is enough
• Different industries have different needs

Slide 13: What Prevents You From Deploying Additional Security Layers
(Bar chart, 0–60% scale. Responses: Budget constraints; Labor constraints; Performance impacts (bandwidth / hardware constraints); Our environment is adequately protected without them; Unsure; Other.)
Slide 14: Antivirus: Required but not Sufficient
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Slide 15: New Threat Landscape

Slide 16: New Malware in 2013
(Chart.)

Slide 17: New Malware in 2013
2012 Avg ≈ 2.8M / mo.
2013 YTD Avg ≈ 5.5M / mo.

Slide 18: Total Malware Growth
(Chart.)

Slide 19: Total Malware Growth
~50% increase

Slide 20: APT / Targeted Attacks
Ponemon Research: 2013 State of the Endpoint
ISACA Research: Advanced Persistent Threats Are Real
» 93.6% feel APTs are a serious threat
» 63% think it is only a matter of time
» 79% feel this is the largest gap in APT prevention
» 1 in 5 have experienced an APT attack
(Figure 4: IT security risks of most concern since 2010; more than three choices permitted in 2010, three choices permitted in 2011 and 2012. Categories shown: Increased use of mobile platforms; Advanced persistent threats; Intrusion and data loss within a virtual environment. Series: 2012, 2011, 2010; one choice was not available in all fiscal years.)

Slide 21: New Threat Landscape – The Endpoint is the New Attack Vector
Browser, Apps and OS all have known vulnerabilities
• 2/3 of all apps have known vulnerabilities
• Time-to-Patch with change control is long, resulting in a lack of security and visibility
Rogue USB
• Transport method for injecting malware (e.g., Conficker, Stuxnet)
• Easiest and most common means of data loss / theft
Virus / Malware
• Best capture rate for day one with AV is 33%. After 30 days it is 93%
• 70,000 pieces of malware a month remain undetected
Slide 22: Safeguarding Your Environment

Slide 23: Defense-in-Depth Strategy
Successful risk mitigation requires a layered defensive strategy which includes:
» Patch Management
» Configuration Control
» Application Whitelisting
» Memory Protection
» Data Encryption
» Port / Device Control
» Antivirus
(Diagram layers: Patch and Configuration Management; Application Control; Memory Protection; Device Control; AV; Hard Drive and Media Encryption.)

Slide 24: Defense-in-Depth – AV
Benefits
» Stops “background noise” malware
» May detect reused or “hidden” code
» Will eventually clean payloads after they are discovered – prevents spreading to less protected machines

Slide 25: Defense-in-Depth – Port / Device Control
Benefits
» Can prevent unauthorized devices from delivering payloads
» Can stop specific file types from being copied to host machines
» Stops a common delivery vector for evading extensive physical and technical security controls

Slide 26: Defense-in-Depth – Encryption
Benefits
» Protects data; stops leakage; etc.
» Makes lateral data acquisition more difficult for APTs / targeted attacks
» Required by almost all regulations

Slide 27: Defense-in-Depth – App Whitelisting
Benefits
» Extremely effective against zero-day attacks
» Stops unknown, targeted malware payloads
» Low performance impact on endpoints
» Prevents sophisticated memory injection attacks which bypass the file system

Slide 28: Defense-in-Depth – Patch / Config Mgmt
Benefits
» Eliminates the attackable surface area that hackers can target, including OS and 3rd party apps across multiple platforms
» Centralizes configuration and enforcement of native desktop firewalls and other security settings

Slide 29: Endpoint Management Complexity
Challenge
• Too Many Products, Too Much Complexity
» Endpoint management has become excessively complex as multiple stand-alone solutions have been implemented in the IT environment
(Diagram: Many Consoles; Disparate Architecture; Many Agents.)

Slide 30: Endpoint Management Complexity (continued; repeats the Challenge from slide 29)
Solution
• Single, Extensible Platform
» Reduce the number of endpoint agents, servers, consoles in use
» Improve visibility and control over endpoints
» Reduce learning curve, free up network resources and improve IT productivity / resources
» Leverage existing organizational structures across solutions and reduce data silos
(Diagram: Single Console; Agile n-Tier Pluggable Architecture; Single Promotable Agent.)

Slide 31: Overcoming Barriers

Slide 32: Tolly Study: Clients
(Chart.)

Slide 33: Tolly Study: Servers
(Chart.)
Slide 34: True Cost of Malware
• Acquisition Costs
» Licensing (license cost, maintenance, support)
» Installation (HW / SW, roll-out, other)
• Operational Costs
» System Management
» Incident Management (help desk, escalation, re-imaging)
» Lost Productivity
• Does not include extraordinary costs, such as a data breach
(Chart: Operational (60~80%); Acquisition (20~40%).)
http://www.lumension.com/Resources/Value-Calculators/Cost-of-Malware-Calculator.aspx
Slide 35: More Information
• Free Security Scanner Tools
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Application Scanner – discover all the apps being used in your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
» Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
» Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Think Before You Renew Your AV: http://www.lumension.com/rethink-av

Slide 36: Global Headquarters
8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com

Slide 37: Attendee Services
• Download a copy of today’s slides
• Provide your feedback! Please complete our survey.
• A recorded version of this seminar will be available at www.eSeminarsLive.com
• View a calendar of our Upcoming Events
